New Account Takeover on Telegram
Telegram accounts are taken over through phishing login links, intercepted SMS codes, and malicious bots that harvest session data, then used to scam the victim's contacts or access premium channel subscriptions.
Last reviewed: 1 June 2026
Telegram account takeover is particularly valuable to attackers because the platform hosts significant communities and subscription-based channels. A hijacked account with paid channel memberships or a large contact list can be monetised immediately, and the account's existing reputation in groups and channels lends credibility to subsequent scam activity.
The platform's reliance on SMS for two-factor authentication creates a vulnerability: attackers who can intercept or forward the SMS login code gain full account access.
How this scam works on Telegram
A phishing link arrives via Telegram DM or email, leading to a fake Telegram login page. Entering credentials there allows the attacker to attempt a session takeover. Some phishing sites use Telegram's own login widget in reverse: they ask the victim to approve an authorisation the victim did not initiate, which grants the attacker session access.
Social engineering attacks target the victim's contacts first: an attacker who controls a contact's account messages the victim, claims to have sent a Telegram verification code to the victim's number by mistake, and asks for it to be forwarded. The code is actually for the victim's own account; forwarding it allows the attacker to re-register the account.
Malicious bots in Telegram groups offer services, access to paid content, or prizes in exchange for 'account verification' — a step that requests the one-time code sent to the user's phone, completing the takeover.
Common red flags
- DM from a contact asking you to forward a Telegram verification code received on your phone
- Telegram bot requesting a verification code as part of accessing a service or prize
- Login confirmation prompt for a Telegram session you did not initiate
- Contacts in your Telegram list reporting unusual messages from your account
- Sudden inability to receive Telegram messages or access channels
- Unexpected charges for Telegram Premium linked to your phone number
How to protect yourself
- Enable Telegram's two-step verification (password) in Settings > Privacy and Security > Two-Step Verification
- Never forward a Telegram verification SMS to anyone; a request to do so is always a takeover attempt
- Review active sessions in Settings > Privacy and Security > Active Sessions and terminate any you do not recognise
- Set your Telegram privacy to prevent strangers from finding your account by phone number
- Use a dedicated email linked to your Telegram account for additional recovery options
- Be suspicious of any Telegram bot or service that requests a verification code as part of onboarding
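An added example, not part of the original page: a triage helper for the Active Sessions review described above. The session records are constructed sample data with field names modelled on Telegram's Authorization object; the device allow-list, the home-country set and the 48-hour window are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. Field names are modelled on Telegram's Authorization
# object (device_model, app_name, official_app, country, date_created, current).
NOW = datetime(2026, 6, 1, 12, 0, tzinfo=timezone.utc)
SESSIONS = [
    {"hash": 0, "device_model": "Pixel 8", "app_name": "Telegram Android",
     "official_app": True, "country": "GB", "current": True,
     "date_created": NOW - timedelta(days=200)},
    {"hash": 111, "device_model": "ThinkPad X1", "app_name": "Telegram Desktop",
     "official_app": True, "country": "GB", "current": False,
     "date_created": NOW - timedelta(days=90)},
    {"hash": 222, "device_model": "PC 64bit", "app_name": "Telegram Web",
     "official_app": True, "country": "NL", "current": False,
     "date_created": NOW - timedelta(hours=3)},
    {"hash": 333, "device_model": "Server", "app_name": "tg-client",
     "official_app": False, "country": "GB", "current": False,
     "date_created": NOW - timedelta(days=30)},
]

def audit_sessions(sessions, known_devices, home_countries, now,
                   recent=timedelta(hours=48)):
    """Return [(session_hash, [reasons])] for sessions that need manual review."""
    findings = []
    for s in sessions:
        if s["current"]:
            continue  # skip the session the review itself is being run from
        reasons = []
        if s["device_model"] not in known_devices:
            reasons.append("unrecognised device")
        if not s["official_app"]:
            reasons.append("unofficial client")
        if s["country"] not in home_countries:
            reasons.append("unexpected country")
        if now - s["date_created"] <= recent:
            reasons.append("created recently")
        if reasons:
            findings.append((s["hash"], reasons))
    return findings

if __name__ == "__main__":
    for session_hash, reasons in audit_sessions(
            SESSIONS, {"Pixel 8", "ThinkPad X1"}, {"GB"}, NOW):
        print(session_hash, ", ".join(reasons))
```

Any session it lists is a candidate for termination in Active Sessions; a session flagged as created recently lines up with the "login you did not initiate" red flag.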
How to report it
- Report the attacker's account to Telegram's abuse team at [email protected] or via the in-app report function
- Use Telegram's official account recovery process if you have lost access
- Report financial loss or significant harm to your national cybercrime unit
Frequently asked questions
How does Telegram two-step verification differ from the SMS code?
The SMS code is sent each time you log in on a new device — it can be intercepted or socially engineered. Two-step verification adds a separate password that you set yourself and that is required in addition to the SMS code. This password cannot be intercepted via SMS, making takeover significantly harder.